Beyond Golden Containers Complementing Docker with Puppet David - - PowerPoint PPT Presentation

SLIDE 1

Beyond Golden Containers

Complementing Docker with Puppet

David Lutterkort @lutterkort lutter@puppetlabs.com

SLIDE 2
SLIDE 3

What's that container doing?

    FROM fedora:20
    MAINTAINER scollier <scollier@redhat.com>
    RUN yum -y update && yum clean all
    RUN yum -y install couchdb && yum clean all
    RUN sed \
        -e 's/^bind_address = .*$/bind_address = 0.0.0.0/' \
        -i /etc/couchdb/default.ini
    ADD local.ini /etc/couchdb/local.ini
    EXPOSE 5984
    CMD ["/bin/sh", "-e", "/usr/bin/couchdb", "-a", "/etc/couchdb/default.ini", "-a", "/etc/couchdb/local.ini", "-b", "-r", "5", "-R"]

SLIDE 4

http://northshorekid.com/event/campfire-stories-marini-farm

SLIDE 5

http://www.partialhospitalization.com/2010/08/363/

SLIDE 6

    lang en_US.UTF-8
    keyboard us
    …
    rootpw --iscrypted $1$uw6MV$m6VtUWPed4SqgoW6fKfTZ/
    part / --size 1024 --fstype ext4 --ondisk sda
    repo --name=fedora --mirrorlist=…
    repo --name=updates --mirrorlist=…
    %packages
    @core
    %end
    %post
    curl http://example.com/the-script.pl | /usr/bin/perl

What's that machine doing?

SLIDE 7

http://www.gcksa.com/en/

SLIDE 8
SLIDE 9
SLIDE 10
SLIDE 11

Overview

  • Puppet from 10,000 feet
  • Managing the host
  • Building images
      – without a master (puppet apply)
      – with a master (puppet agent)
  • Runtime configuration
SLIDE 12

Dataflow in Puppet

SLIDE 13

    class webserver {
      package { 'httpd': ensure => latest }
      -> file { '/etc/httpd/conf.d/local.conf':
        ensure => file,
        mode   => '0644',  # quoted octal string; Puppet 4 and later reject a bare number
        source => 'puppet:///modules/httpd/local.conf',
      }
      -> service { 'httpd':
        ensure    => running,
        enable    => true,
        subscribe => File['/etc/httpd/conf.d/local.conf'],
      }
    }

A basic manifest

SLIDE 14

    class webserver2 inherits webserver {
      File['/etc/httpd/conf.d/local.conf'] {
        source => 'puppet:///modules/httpd/other-local.conf',
      }
    }

Override via inheritance

SLIDE 15

The site-wide manifest

    node host1.example.com {
      class { 'webserver': }
    }
    node host2.example.com {
      class { 'webserver2': }
    }
    node host3.example.com {
      class { 'mongodb::server': port => 27018 }
    }

SLIDE 16
SLIDE 17

Overview

  • Puppet from 10,000 feet
  • Managing the host
  • Building images
      – without a master (puppet apply)
      – with a master (puppet agent)
  • Runtime configuration
SLIDE 18

Managing the host

Gareth Rushgrove's module: https://forge.puppetlabs.com/garethr/docker

  • Install docker
  • Manage images
  • Run containers
  • Version 2.0.0 just released
SLIDE 19

    class { 'docker':
      tcp_bind    => 'tcp://127.0.0.1:4243',
      socket_bind => 'unix:///var/run/docker.sock',
    }

Setting up Docker

SLIDE 20

    docker::image { 'ubuntu':
      image_tag => 'precise'
    }

Pulling down images

SLIDE 21

    docker::run { 'appserver2':
      image        => 'fedora:20',
      command      => '/usr/sbin/init',
      ports        => ['80', '443'],
      links        => ['mysql:db'],
      use_name     => true,
      volumes      => ['/var/lib/couchdb', '/var/log'],
      volumes_from => 'appserver1',
      memory_limit => 10485760, # bytes
      username     => 'appy',
      hostname     => 'app2.example.com',
      env          => ['FOO=BAR', 'FOO2=BAR2'],
      dns          => ['8.8.8.8', '8.8.4.4']
    }

Running containers

SLIDE 22

Overview

  • Puppet from 10,000 feet
  • Managing the host
  • Building images
      – without a master (puppet apply)
      – with a master (puppet agent)
  • Runtime configuration
SLIDE 23

Dockerfile for puppet apply

    FROM fedora:20
    MAINTAINER James Turnbull <james@lovedthanlost.net>
    ADD modules /tmp/modules
    RUN yum -y install puppet; \
        puppet apply --modulepath=/tmp/modules \
        -e "class { 'nginx': service_ensure => disable }"; \
        rm -rf /tmp/modules
    EXPOSE 80
    CMD ["nginx"]

SLIDE 24

    FROM fedora:20
    MAINTAINER David Lutterkort <lutter@watzmann.net>
    ADD puppet /tmp/puppet-docker
    RUN yum -y install puppet; \
        /tmp/puppet-docker/bin/puppet-docker

Dockerfile for puppet agent

SLIDE 25

    > tree puppet
    puppet/
    ├── bin
    │   └── puppet-docker
    ├── config.yaml
    └── ssl
        ├── agent-cert.pem
        ├── agent-private.pem
        ├── agent-public.pem
        └── ca.pem

Support files
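
The support files include the agent's private key, and `ADD puppet /tmp/puppet-docker` commits it to an image layer of its own. As an added example (not code from the talk or from the puppet-docker project), this Python check walks ordered layer tarballs, reports PEM private keys, and flags those that a later whiteout hides from the running container but does not erase. The layer contents are constructed, and the cleanup layer is an assumption, since the slides do not show what bin/puppet-docker does.

```python
import io
import tarfile

KEY_MARKER = b"PRIVATE KEY-----"  # tail of PKCS#1, PKCS#8 and EC PEM headers


def make_layer(files):
    """Build an in-memory layer tarball from {path: bytes} (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def find_key_material(layers):
    """Return [(layer_index, path, hidden_in_final_fs)] for PEM private keys.
    `layers` is the ordered list of layer tarballs (bytes), base layer first.
    A later whiteout entry (.wh.<name>) hides a path in the running container
    but leaves the bytes in the earlier layer.
    """
    found, whiteouts = [], []
    for idx, blob in enumerate(layers):
        with tarfile.open(fileobj=io.BytesIO(blob)) as tar:
            for member in tar:
                parent, _, name = member.name.rpartition("/")
                if name.startswith(".wh."):
                    target = (parent + "/" if parent else "") + name[4:]
                    whiteouts.append((idx, target))
                elif member.isfile() and KEY_MARKER in tar.extractfile(member).read(4096):
                    found.append((idx, member.name))
    return [
        (idx, path, any(w > idx and (path == t or path.startswith(t + "/"))
                        for w, t in whiteouts))
        for idx, path in found
    ]


# Constructed layers: ADD puppet /tmp/puppet-docker, then an assumed cleanup RUN.
ADD_LAYER = make_layer({
    "tmp/puppet-docker/config.yaml": b"certname: docker.example.com\n",
    "tmp/puppet-docker/ssl/agent-private.pem":
        b"-----BEGIN RSA PRIVATE KEY-----\n(constructed placeholder)\n",
})
RUN_LAYER = make_layer({"tmp/.wh.puppet-docker": b""})

print(find_key_material([ADD_LAYER, RUN_LAYER]))
```

A hit with the hidden flag set means the key is absent from the container's filesystem yet still readable by anyone who can pull the image, so the certificate should be treated as exposed.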

SLIDE 26

    > cat puppet/config.yaml
    ---
    certname: docker.example.com
    server: puppet-master.example.com
    facts:
      container: docker
      build: true

Configure agent run

SLIDE 27

    FROM fedora:20
    MAINTAINER David Lutterkort <lutter@watzmann.net>
    ADD puppet /tmp/puppet-docker
    RUN yum -y install puppet; \
        /tmp/puppet-docker/bin/puppet-docker

Dockerfile for puppet agent

SLIDE 28

Overview

  • Puppet from 10,000 feet
  • Managing the host
  • Building images
      – without a master (puppet apply)
      – with a master (puppet agent)
  • Runtime configuration
SLIDE 29

Runtime configuration

  • Oneshot at container launch
  • Install an init system (systemd)
      – run cron or puppetd
      – run target service(s)
  • Possibly move to one agent per host
SLIDE 30

Summary

  • Manage container hosts with https://forge.puppetlabs.com/garethr/docker
  • Sample materials for puppet agent etc. at https://github.com/lutter/puppet-docker

Questions?